PCI DSS Services

PCI DSS Services - WHAT is it?

Any organisation or entity that’s involved in payment-card processing or that stores, processes, or transmits account data has to comply with the requirements of the Payment Card Industry Security Standards Council (PCI SSC), founded by American Express, Discover, JCB International, MasterCard and Visa in 2006.

A simple way of looking at this is that if you’re a business that accepts plastic cards or a bank or financial services provider that issues them, you will need to comply with the PCI Data Security Standard, or PCI DSS.

This means you have to meet six key goals (sometimes referred to as ‘control objectives’) and 12 key requirements:

Build and maintain a secure network
1. Install and maintain a firewall to protect cardholder data
2. Avoid vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management programme
5. Use and regularly update antivirus software or programmes
6. Develop and maintain secure systems and applications

Implement strong access control measures
7. Restrict access to cardholder data on a business need-to-know basis
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Monitor and test networks regularly
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an information security policy
12. Maintain a policy that addresses information security for employees and contractors

WHY do I need PCI DSS Services?

The simple answer would be: because you are storing, processing or transmitting cardholder data. But that way you are only doing it because you have to. Since we at Cognosec strongly believe that security should be the goal, while compliance will come as a consequence of having a secure environment, our answer would be: because you want to secure your and your client’s cardholder data. Our approach is to help you implement PCI DSS as the set of minimum security requirements, which in today’s dynamic world is just the first step you have to take. But the first step can also be the hardest and the most important one. We are here to make that step with you.

WHEN do I need it?

Yesterday. PCI DSS has been here for more than 10 years, helping companies fight cyber criminals and secure cardholder data. And criminals are not sleeping. They are developing new tools and new ways each day, so if you are not already on board the PCI DSS train, you should be standing in line for a ticket. Because without implementing security mechanisms it might already be too late, and you might already have been breached. Don’t give them more time…